General
-
Target
01c1bff87e5f8c76b8f4cb5ff2f7bf8933903b6f3195b4d2bc3e9e77d5e81bfc
-
Size
80KB
-
Sample
220212-pjq2qadhgq
-
MD5
28f59049351b3a386b9b6d35277d7ec3
-
SHA1
629d2eaf0d4e2dfded7029b4b7017795c0ea20cc
-
SHA256
01c1bff87e5f8c76b8f4cb5ff2f7bf8933903b6f3195b4d2bc3e9e77d5e81bfc
-
SHA512
9a15a2608788814ed68f354f8c1e421e552f619cebb1d179436fba73c1859055b66f29aa312aa1c0b3734a05e5e921464c052aec96707482098883f882af2652
Malware Config
Targets
-
-
Target
01c1bff87e5f8c76b8f4cb5ff2f7bf8933903b6f3195b4d2bc3e9e77d5e81bfc
-
Size
80KB
-
MD5
28f59049351b3a386b9b6d35277d7ec3
-
SHA1
629d2eaf0d4e2dfded7029b4b7017795c0ea20cc
-
SHA256
01c1bff87e5f8c76b8f4cb5ff2f7bf8933903b6f3195b4d2bc3e9e77d5e81bfc
-
SHA512
9a15a2608788814ed68f354f8c1e421e552f619cebb1d179436fba73c1859055b66f29aa312aa1c0b3734a05e5e921464c052aec96707482098883f882af2652
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-